Tech Support Forum - View Single Post - Tons of viruses & slow initially bc of AntiSpyMaster

jtine · 05-08-2008, 08:27 PM

Thank you very much! I uninstalled Sophos and tried to disable McAffee and Norton (I think it worked), and freed up about 20 gb of space. The computer is running a lot faster now! (but I'm still getting pop ups about deletions from SpyBot Search and Destroy, and when I turn on the computer, I get a RUNDLL window that says "Error loading C:\WINDOWS\system32\gjubfvrb.dll")

Here is my ComboFix and new Hijackthis log. Thanks in advance!!!

ComboFix 08-05-08.1 - Justine 2008-05-08 19:33:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -7:00]
Running from: C:\Documents and Settings\Justine\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justine\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justine\Application Data\Anti-Virus-Pro.com
C:\Documents and Settings\Justine\My Documents\CROSOF~1
C:\Documents and Settings\Justine\My Documents\CROSOF~1\??erinit.exe
C:\Documents and Settings\Justine\My Documents\WNSXS~1
C:\Documents and Settings\Justine\My Documents\WNSXS~1\W?nSxS\
C:\Program Files\AntiVirusPro
C:\Program Files\Helper
C:\Program Files\Internet Explorer\setupapi.dll
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\brvfbujg.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\hqiopa.sys
C:\WINDOWS\SYSTEM32\kjjmnnpo.ini
C:\WINDOWS\SYSTEM32\kjjmnnpo.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X11
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X7
C:\WINDOWS\system32\X9

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hqiopa

((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-01 02:27 . 2008-05-01 02:27 <DIR> d-------- C:\Deckard
2008-05-01 00:25 . 2008-05-01 00:25 <DIR> d-------- C:\ie-spyad_zo
2008-04-30 23:38 . 2008-04-30 23:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-28 00:34 . 2008-04-28 00:54 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 18:49 . 2008-04-27 22:17 <DIR> d-------- C:\QUARANTINE
2008-04-27 18:32 . 2008-04-27 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-27 18:16 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-04-27 18:16 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys
2008-04-27 18:16 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys
2008-04-27 18:16 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-04-27 18:15 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-04-27 18:12 . 2008-04-27 18:12 269,334 --a------ C:\WINDOWS\SYSTEM32\adofmp.bmp
2008-04-27 17:27 . 2008-04-27 17:27 <DIR> d-------- C:\Program Files\McAfee
2008-04-27 17:27 . 2008-04-27 17:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-22 18:55 . 2008-05-08 18:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 18:55 . 2008-04-22 18:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 05:00 . 2008-04-22 05:00 48,585 --a------ C:\WINDOWS\SYSTEM32\a234e.sys
2008-04-22 04:58 . 2008-04-22 12:33 804 --a-s---- C:\WINDOWS\SYSTEM32\2036478666.dat
2008-04-22 04:44 . 2008-04-22 04:58 2 --a------ C:\-1058766303
2008-04-22 04:43 . 2008-04-22 04:43 20,992 --a------ C:\gpqdiib.exe
2008-04-22 04:40 . 2008-04-22 04:40 269,334 --a------ C:\WINDOWS\SYSTEM32\atkjmlor.bmp
2008-04-21 00:26 . 2008-04-21 00:43 354 --ahs---- C:\WINDOWS\SYSTEM32\ihkfsnfa.ini
2008-04-20 14:00 . 2008-04-20 14:00 <DIR> d-------- C:\HJT
2008-04-20 00:23 . 2008-04-20 12:41 294 --ahs---- C:\WINDOWS\SYSTEM32\wqrqxvsa.ini
2008-04-18 18:13 . 2008-04-18 21:11 294 --ahs---- C:\WINDOWS\SYSTEM32\erriqnst.ini
2008-04-17 22:41 . 2008-04-17 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-17 22:41 . 2008-04-17 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 22:38 . 2008-04-17 22:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 10:11 . 2008-04-17 02:23 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-04-17 03:33 . 2008-04-17 03:33 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-17 03:26 . 2008-04-17 21:27 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-17 03:17 . 2008-04-17 20:49 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-04-17 03:17 . 2008-04-17 20:49 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-04-17 03:17 . 2008-04-17 20:49 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-04-17 03:17 . 2008-04-17 20:49 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-04-17 02:22 . 2008-04-17 10:37 <DIR> d-------- C:\Documents and Settings\Justine\.housecall6.6
2008-04-16 22:15 . 2008-04-16 22:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-16 22:15 . 2008-05-08 19:32 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-16 21:54 . 2008-04-16 22:09 414 --ahs---- C:\WINDOWS\SYSTEM32\gnxoxsxa.ini
2008-04-16 21:52 . 2008-04-16 21:52 294 --ahs---- C:\WINDOWS\SYSTEM32\wjbeguni.ini
2008-04-16 21:49 . 2008-04-28 11:15 109,747 --a------ C:\WINDOWS\BMc3d7b112.xml
2008-04-16 02:44 . 2008-04-28 11:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 02:24 . 2008-04-17 03:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\xcsDd01
2008-04-16 02:24 . 2008-04-17 03:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\pinz1
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\iFi
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\IDE2
2008-04-16 02:24 . 2008-04-17 03:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ExTmp
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\axV
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\Temp\berDrv11
2008-04-16 02:24 . 2008-04-16 02:25 167,545 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-04-13 23:12 . 2008-04-22 18:32 0 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\logiflt.iad
2008-04-13 23:09 . 2007-10-11 18:57 195,096 --a------ C:\WINDOWS\SYSTEM32\lvci1150.dll
2008-04-13 23:04 . 2008-04-14 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 02:48 --------- d-----w C:\Program Files\Sophos
2008-05-09 02:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 03:59 --------- d-----w C:\Program Files\Zoom Player
2008-04-28 19:36 --------- d-----w C:\Documents and Settings\Justine\Application Data\Viewpoint
2008-04-28 19:20 --------- d-----w C:\Program Files\Viewpoint
2008-04-28 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-23 01:33 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-18 03:49 --------- d-----w C:\Program Files\Symantec
2008-04-17 10:52 --------- d-----w C:\Documents and Settings\Justine\Application Data\Symantec
2008-04-17 08:56 --------- d-----w C:\Program Files\Minilyrics
2008-04-17 08:55 --------- d-----w C:\Program Files\WinMX
2008-04-17 08:54 --------- d-----w C:\Program Files\LimeWire
2008-04-16 10:12 --------- d-----w C:\Documents and Settings\Justine\Application Data\uTorrent
2008-04-14 06:12 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-14 06:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-14 06:04 --------- d-----w C:\Program Files\Logitech
2008-04-07 07:32 --------- d-----w C:\Program Files\QuickTime
2008-04-03 09:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 18:36 --------- d-----w C:\Program Files\MSN Messenger
2008-04-02 18:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 18:21 --------- d-----w C:\Program Files\Windows Live
2008-04-02 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-11 00:38 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-03-08 08:12 48,632 -c--a-w C:\Documents and Settings\Justine\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 08:18 10,775 -c--a-w C:\Program Files\Sophos SWEEP for NTtsweep.log
2005-07-30 23:02 2,161 -c--a-w C:\Program Files\Sophos SWEEP for NT053007.log
2005-07-29 18:20 2,264 -c--a-w C:\Program Files\Sophos SWEEP for NT052907.log
2005-04-05 07:28 1,848 -c--a-w C:\Program Files\Sophos SWEEP for NT050504.log
.

------- Sigcheck -------

2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2002-08-29 03:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 04:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dfb2c45-31cd-4e40-ad0a-81ded3400326}]
C:\WINDOWS\system32\bprydhdn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5cf365dd-e76e-4f8c-990f-f2740df9aa05}]
C:\WINDOWS\system32\opnnmjjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-17 20:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCAC61D1-A34D-D6B1-1397-A58F050C2CC8}]
C:\WINDOWS\system32\spqcv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 23:25 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-10 17:38 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 09:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-11 17:49 180269]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 17:49 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 16:41 163840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 10:45 35328]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-05-09 19:58 158208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50 112216]
"c0e4828e"="C:\WINDOWS\system32\gjubfvrb.dll" [ ]
"BMc3d7b112"="C:\WINDOWS\system32\srdkfqmr.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-19 16:32:58 113664]
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2005-07-20 16:02:33 372224]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\sysreset\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"C:\\Program Files\\Direct Connect\\Direct Connect.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\CoffeeCup Software\\CoffeeCup Free FTP\\FreeFTP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12220:TCP"= 12220:TCP:STCPE LP
"80:TCP"= 80:TCP:Web
"17205:TCP"= 17205:TCP:BitComet 17205 TCP
"17205:UDP"= 17205:UDP:BitComet 17205 UDP

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 tabletservicewlsetupsvc;TabletService TabletServiceWLSetupSvc;C:\WINDOWS\system32\1037o.exe []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 naimservinst;NAI ePO Agent Install;C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp\FramePkg.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaea4a76-2b14-11dc-9d47-000f1f57278b}]
\shell\verb1\command - desktop.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 00:34:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-03 02:24:31 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- c:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-04-18 02:57:14 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Justine.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 19:52:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\SAMLIB.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-05-08 20:13:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 03:12:51

Pre-Run: 21,964,402,688 bytes free
Post-Run: 21,943,730,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

306 --- E O F --- 2008-04-09 09:05:42

here's the new hijack this log:
--------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:03 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justine\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {6230043d-ed18-a0da-04e4-dc1354c2bfd1} - {1dfb2c45-31cd-4e40-ad0a-81ded3400326} - C:\WINDOWS\system32\bprydhdn.dll (file missing)
O2 - BHO: (no name) - {5cf365dd-e76e-4f8c-990f-f2740df9aa05} - C:\WINDOWS\system32\opnnmjjk.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CCAC61D1-A34D-D6B1-1397-A58F050C2CC8} - C:\WINDOWS\system32\spqcv.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [c0e4828e] rundll32.exe "C:\WINDOWS\system32\gjubfvrb.dll",b
O4 - HKLM\..\Run: [BMc3d7b112] Rundll32.exe "C:\WINDOWS\system32\srdkfqmr.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\pinz1\cegmgr76.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: iTunes.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12bc2ee4...p/RdxIE601.cab
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1209631279976
O16 - DPF: {7935ACFD-5007-4C61-B603-3FEA6097871C} (stcpeX.stcpeocx) - http://phi.resnet.ucla.edu/ResNetReg2/stcpeX.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bw+0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee McShield (mcshield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (mctaskmanager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NAI ePO Agent Install (naimservinst) - Unknown owner - C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp\FramePkg.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TabletService TabletServiceWLSetupSvc (tabletservicewlsetupsvc) - Unknown owner - C:\WINDOWS\system32\1037o.exe (file missing)

--
End of file - 25775 bytes

05-08-2008, 08:27 PM	#6 (permalink)
jtine Registered User Join Date: May 2008 Posts: 6 OS: Windows XP Service Pack 2	Re: Tons of viruses & slow initially bc of AntiSpyMaster Thank you very much! I uninstalled Sophos and tried to disable McAffee and Norton (I think it worked), and freed up about 20 gb of space. The computer is running a lot faster now! (but I'm still getting pop ups about deletions from SpyBot Search and Destroy, and when I turn on the computer, I get a RUNDLL window that says "Error loading C:\WINDOWS\system32\gjubfvrb.dll") Here is my ComboFix and new Hijackthis log. Thanks in advance!!! ComboFix 08-05-08.1 - Justine 2008-05-08 19:33:54.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -7:00] Running from: C:\Documents and Settings\Justine\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Justine\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Justine\Application Data\Anti-Virus-Pro.com C:\Documents and Settings\Justine\My Documents\CROSOF~1 C:\Documents and Settings\Justine\My Documents\CROSOF~1\??erinit.exe C:\Documents and Settings\Justine\My Documents\WNSXS~1 C:\Documents and Settings\Justine\My Documents\WNSXS~1\W?nSxS\ C:\Program Files\AntiVirusPro C:\Program Files\Helper C:\Program Files\Internet Explorer\setupapi.dll C:\temp\0c2 C:\temp\0c2\tmpFF.log C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\brr C:\temp\brr\tmpZTF.log C:\temp\tn3 C:\WINDOWS\pskt.ini C:\WINDOWS\system32\b02FdUe C:\WINDOWS\system32\brvfbujg.ini C:\WINDOWS\system32\drivers\fad.sys C:\WINDOWS\system32\hqiopa.sys C:\WINDOWS\SYSTEM32\kjjmnnpo.ini C:\WINDOWS\SYSTEM32\kjjmnnpo.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\win C:\WINDOWS\system32\X1 C:\WINDOWS\system32\X11 C:\WINDOWS\system32\X3 C:\WINDOWS\system32\X7 C:\WINDOWS\system32\X9 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_hqiopa ((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))) . 2008-05-01 02:27 . 2008-05-01 02:27 <DIR> d-------- C:\Deckard 2008-05-01 00:25 . 2008-05-01 00:25 <DIR> d-------- C:\ie-spyad_zo 2008-04-30 23:38 . 2008-04-30 23:58 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-04-28 00:34 . 2008-04-28 00:54 <DIR> d-------- C:\Program Files\Panda Security 2008-04-27 18:49 . 2008-04-27 22:17 <DIR> d-------- C:\QUARANTINE 2008-04-27 18:32 . 2008-04-27 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-04-27 18:16 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys 2008-04-27 18:16 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys 2008-04-27 18:16 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys 2008-04-27 18:16 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys 2008-04-27 18:15 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys 2008-04-27 18:12 . 2008-04-27 18:12 269,334 --a------ C:\WINDOWS\SYSTEM32\adofmp.bmp 2008-04-27 17:27 . 2008-04-27 17:27 <DIR> d-------- C:\Program Files\McAfee 2008-04-27 17:27 . 2008-04-27 17:27 <DIR> d-------- C:\Program Files\Common Files\McAfee 2008-04-22 18:55 . 2008-05-08 18:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-22 18:55 . 2008-04-22 18:55 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-22 05:00 . 2008-04-22 05:00 48,585 --a------ C:\WINDOWS\SYSTEM32\a234e.sys 2008-04-22 04:58 . 2008-04-22 12:33 804 --a-s---- C:\WINDOWS\SYSTEM32\2036478666.dat 2008-04-22 04:44 . 2008-04-22 04:58 2 --a------ C:\-1058766303 2008-04-22 04:43 . 2008-04-22 04:43 20,992 --a------ C:\gpqdiib.exe 2008-04-22 04:40 . 2008-04-22 04:40 269,334 --a------ C:\WINDOWS\SYSTEM32\atkjmlor.bmp 2008-04-21 00:26 . 2008-04-21 00:43 354 --ahs---- C:\WINDOWS\SYSTEM32\ihkfsnfa.ini 2008-04-20 14:00 . 2008-04-20 14:00 <DIR> d-------- C:\HJT 2008-04-20 00:23 . 2008-04-20 12:41 294 --ahs---- C:\WINDOWS\SYSTEM32\wqrqxvsa.ini 2008-04-18 18:13 . 2008-04-18 21:11 294 --ahs---- C:\WINDOWS\SYSTEM32\erriqnst.ini 2008-04-17 22:41 . 2008-04-17 22:41 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-17 22:41 . 2008-04-17 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-17 22:38 . 2008-04-17 22:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-17 10:11 . 2008-04-17 02:23 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-04-17 03:33 . 2008-04-17 03:33 <DIR> d-------- C:\Program Files\Windows Sidebar 2008-04-17 03:26 . 2008-04-17 21:27 <DIR> d-------- C:\Program Files\Norton Internet Security 2008-04-17 03:17 . 2008-04-17 20:49 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS 2008-04-17 03:17 . 2008-04-17 20:49 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL 2008-04-17 03:17 . 2008-04-17 20:49 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT 2008-04-17 03:17 . 2008-04-17 20:49 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF 2008-04-17 02:22 . 2008-04-17 10:37 <DIR> d-------- C:\Documents and Settings\Justine\.housecall6.6 2008-04-16 22:15 . 2008-04-16 22:15 <DIR> d-------- C:\Documents and Settings\Administrator 2008-04-16 22:15 . 2008-05-08 19:32 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG 2008-04-16 21:54 . 2008-04-16 22:09 414 --ahs---- C:\WINDOWS\SYSTEM32\gnxoxsxa.ini 2008-04-16 21:52 . 2008-04-16 21:52 294 --ahs---- C:\WINDOWS\SYSTEM32\wjbeguni.ini 2008-04-16 21:49 . 2008-04-28 11:15 109,747 --a------ C:\WINDOWS\BMc3d7b112.xml 2008-04-16 02:44 . 2008-04-28 11:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-16 02:24 . 2008-04-17 03:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\xcsDd01 2008-04-16 02:24 . 2008-04-17 03:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\pinz1 2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\iFi 2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\IDE2 2008-04-16 02:24 . 2008-04-17 03:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ExTmp 2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\axV 2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\Temp\berDrv11 2008-04-16 02:24 . 2008-04-16 02:25 167,545 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk 2008-04-13 23:12 . 2008-04-22 18:32 0 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\logiflt.iad 2008-04-13 23:09 . 2007-10-11 18:57 195,096 --a------ C:\WINDOWS\SYSTEM32\lvci1150.dll 2008-04-13 23:04 . 2008-04-14 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-09 02:48 --------- d-----w C:\Program Files\Sophos 2008-05-09 02:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-05-09 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-05-05 03:59 --------- d-----w C:\Program Files\Zoom Player 2008-04-28 19:36 --------- d-----w C:\Documents and Settings\Justine\Application Data\Viewpoint 2008-04-28 19:20 --------- d-----w C:\Program Files\Viewpoint 2008-04-28 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-04-23 01:33 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-04-18 03:49 --------- d-----w C:\Program Files\Symantec 2008-04-17 10:52 --------- d-----w C:\Documents and Settings\Justine\Application Data\Symantec 2008-04-17 08:56 --------- d-----w C:\Program Files\Minilyrics 2008-04-17 08:55 --------- d-----w C:\Program Files\WinMX 2008-04-17 08:54 --------- d-----w C:\Program Files\LimeWire 2008-04-16 10:12 --------- d-----w C:\Documents and Settings\Justine\Application Data\uTorrent 2008-04-14 06:12 --------- d-----w C:\Program Files\Common Files\LogiShrd 2008-04-14 06:07 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-14 06:04 --------- d-----w C:\Program Files\Logitech 2008-04-07 07:32 --------- d-----w C:\Program Files\QuickTime 2008-04-03 09:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-04-02 18:36 --------- d-----w C:\Program Files\MSN Messenger 2008-04-02 18:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-02 18:21 --------- d-----w C:\Program Files\Windows Live 2008-04-02 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-02 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-11 00:38 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe 2007-03-08 08:12 48,632 -c--a-w C:\Documents and Settings\Justine\Application Data\GDIPFONTCACHEV1.DAT 2005-09-16 08:18 10,775 -c--a-w C:\Program Files\Sophos SWEEP for NTtsweep.log 2005-07-30 23:02 2,161 -c--a-w C:\Program Files\Sophos SWEEP for NT053007.log 2005-07-29 18:20 2,264 -c--a-w C:\Program Files\Sophos SWEEP for NT052907.log 2005-04-05 07:28 1,848 -c--a-w C:\Program Files\Sophos SWEEP for NT050504.log . ------- Sigcheck ------- 2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2002-08-29 03:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 04:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys 2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dfb2c45-31cd-4e40-ad0a-81ded3400326}] C:\WINDOWS\system32\bprydhdn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5cf365dd-e76e-4f8c-990f-f2740df9aa05}] C:\WINDOWS\system32\opnnmjjk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-04-17 20:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCAC61D1-A34D-D6B1-1397-A58F050C2CC8}] C:\WINDOWS\system32\spqcv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 23:25 68856] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-10 17:38 36864] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 09:43 53248] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-11 17:49 180269] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 17:49 49152] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 16:41 163840] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 10:45 35328] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-05-09 19:58 158208] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50 112216] "c0e4828e"="C:\WINDOWS\system32\gjubfvrb.dll" [ ] "BMc3d7b112"="C:\WINDOWS\system32\srdkfqmr.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-19 16:32:58 113664] Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2005-07-20 16:02:33 372224] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\AIM\\aim.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\sysreset\\mirc.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\SYSTEM32\\mshta.exe"= "C:\\Program Files\\Direct Connect\\Direct Connect.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\CoffeeCup Software\\CoffeeCup Free FTP\\FreeFTP.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12220:TCP"= 12220:TCP:STCPE LP "80:TCP"= 80:TCP:Web "17205:TCP"= 17205:TCP:BitComet 17205 TCP "17205:UDP"= 17205:UDP:BitComet 17205 UDP R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [] S2 tabletservicewlsetupsvc;TabletService TabletServiceWLSetupSvc;C:\WINDOWS\system32\1037o.exe [] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32] S3 naimservinst;NAI ePO Agent Install;C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp\FramePkg.exe [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaea4a76-2b14-11dc-9d47-000f1f57278b}] \shell\verb1\command - desktop.exe Newly Created Service - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-04-19 00:34:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-03 02:24:31 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job" - c:\Program Files\Microsoft IntelliType Pro\itype.exe "2008-04-18 02:57:14 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Justine.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-08 19:52:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\system32\SAMLIB.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\SYSTEM32\Tablet.exe C:\WINDOWS\SYSTEM32\wdfmgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe . ************************************************************************ . Completion time: 2008-05-08 20:13:41 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-09 03:12:51 Pre-Run: 21,964,402,688 bytes free Post-Run: 21,943,730,176 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 306 --- E O F --- 2008-04-09 09:05:42 here's the new hijack this log: -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:24:03 PM, on 5/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Justine\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: {6230043d-ed18-a0da-04e4-dc1354c2bfd1} - {1dfb2c45-31cd-4e40-ad0a-81ded3400326} - C:\WINDOWS\system32\bprydhdn.dll (file missing) O2 - BHO: (no name) - {5cf365dd-e76e-4f8c-990f-f2740df9aa05} - C:\WINDOWS\system32\opnnmjjk.dll (file missing) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {CCAC61D1-A34D-D6B1-1397-A58F050C2CC8} - C:\WINDOWS\system32\spqcv.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [c0e4828e] rundll32.exe "C:\WINDOWS\system32\gjubfvrb.dll",b O4 - HKLM\..\Run: [BMc3d7b112] Rundll32.exe "C:\WINDOWS\system32\srdkfqmr.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\pinz1\cegmgr76.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Free WebSite Tools.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: iTunes.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12bc2ee4...p/RdxIE601.cab O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1209631279976 O16 - DPF: {7935ACFD-5007-4C61-B603-3FEA6097871C} (stcpeX.stcpeocx) - http://phi.resnet.ucla.edu/ResNetReg2/stcpeX.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O18 - Protocol: bw+0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee McShield (mcshield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (mctaskmanager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NAI ePO Agent Install (naimservinst) - Unknown owner - C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp\FramePkg.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: TabletService TabletServiceWLSetupSvc (tabletservicewlsetupsvc) - Unknown owner - C:\WINDOWS\system32\1037o.exe (file missing) -- End of file - 25775 bytes